US8732813B2 - Method and system for securing data from an external network to a non point of sale device - Google Patents

Info

Publication number: US8732813B2
Authority: US (United States)
Prior art keywords: point, data, sale, lan, sale device
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: US12/265,575
Other versions: US20100115602A1 (en)
Inventor: Paul D. Coppinger
Current Assignee: Apriva LLC (the listed assignees may be inaccurate)
Original Assignee: Apriva LLC

  • Application filed by Apriva LLC
  • Priority to US12/265,575 (patent US8732813B2)
  • Assigned to APPSWARE WIRELESS, LLC: assignment of assignors interest (see document for details). Assignors: COPPINGER, PAUL D.
  • Priority to PCT/US2009/063265 (patent WO2010053983A2)
  • Assigned to SYLVIA G. GORDON TRUST, SORRENTO INVESTMENT GROUP, LLC, EDWARD F STAINO TRUST, TRIREMES 24 LLC, WARD, CHRISTOPHER, TATE, MARSHA: security agreement. Assignors: APPSWARE WIRELESS, LLC
  • Publication of US20100115602A1
  • Assigned to APRIVA, LLC: change of name (see document for details). Assignors: APPSWARE WIRELESS, LLC
  • Assigned to SILICON VALLEY BANK: security agreement. Assignors: APRIVA ISS, LLC, APRIVA SYSTEMS, LLC, APRIVA, LLC
  • Assigned to SPINNAKER CAPITAL, LLC: security interest. Assignors: APRIVA, LLC
  • Application granted
  • Publication of US8732813B2
  • Assigned to SKYSAIL 7 LLC, EDWARD F. STAIANO TRUST, TATE, MARSHA, WARD, CHRIS, LAVIN, KEVIN, MINTON FAMILY TRUST, MINTON, RANDALL, MINTON, TAMARA: security interest. Assignors: APRIVA, LLC
  • Assigned to SPINNAKER CAPITAL, LLC: release of security interest. Assignors: APRIVA, LLC
  • Assigned to WARD, D. CHRISTOPHER, SKYSAIL 9 LLC, LAVIN, KEVIN J., SPINELLA, RINALDO, MINTON, REX, TATE, MARSHA, SPINELLA, RICHARD, RIDDIFORD, DAVID, EDWARD F. STAIANO TRUST: security interest (see document for details). Assignors: APRIVA, LLC
  • Assigned to APRIVA, LLC: release by secured party (see document for details). Assignors: EDWARD F. STAIANO TRUST, SORRENTO INVESTMENT GROUP, LLC, SYLVIA G. GORDON TRUST, TATE, MARSHA, TRIREMES 24 LLC, WARD, CHRISTOPHER
  • Assigned to SILICON VALLEY BANK: security interest (see document for details). Assignors: APRIVA, LLC
  • Assigned to SKYSAIL 18 LLC: security interest (see document for details). Assignors: APRIVA, LLC
  • Assigned to SKYSAIL 19, LLC: security interest (see document for details). Assignors: APRIVA ISS, LLC, APRIVA SYSTEMS, LLC, APRIVA, LLC
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Definitions

  • the present invention relates to local area networks and, more particularly, to a local area network with point of sale devices.
  • a point of sale system allows a customer to purchase goods or services from a merchant using a payment card (such as a credit card) issued by a financial institution with which the customer has an account.
  • the system transmits payment information associated with the purchase over a network to a payment host which authorizes and processes the transaction on behalf of a payment processor associated with the financial institution.
  • a point of sale system may have a number of terminals providing service to customers at multiple physical points within the merchant's business location.
  • Such terminals can now be found in the form of wireless devices that can service payment transactions in a flexible variety of locations.
  • customers can pay for meals at the table by swiping a payment card at a portable wireless point of sale terminal carried by a waiter. This provides potentially greater efficiency and security as the customer does not have to surrender the payment card to effectuate the payment transaction.
  • LAN local area network
  • wireless router that communicates with one or more wireless devices within a reasonably short range and also connects to an external network.
  • the wireless router can thus allow a number of wireless point of sale terminals in a shop or singularly located business to communicate with the appropriate payment host over the internet, thus allowing for payment transactions to be processed.
  • PCI-DSS Payment Card Industry Data Security Standard
  • FIG. 1 is a block diagram illustrating a system in which an embodiment of the invention is provided.
  • FIG. 4 is a flow diagram illustrating a process performed by the data control system for data from a point of sale LAN that is destined for a location on the system LAN.
  • FIG. 5 is a flow diagram illustrating a process performed by the data control system for data from a point of sale LAN that is destined for a location on the external network.
  • FIG. 6 is a flow diagram illustrating the process performed by the data control system for data from a non-point of sale device that is destined for a location on the system LAN.
  • FIG. 7 is a flow diagram illustrating the process performed by the data control system for data from a non-point of sale device that is destined for a location on the external network.
  • FIG. 8 is a flow diagram illustrating the process performed by the data control system for data from the external network that is destined for a point of sale device on the system LAN.
  • FIG. 9 is a flow diagram illustrating the process performed by the data control system for data from the external network that is destined for a non-point of sale device on the system LAN.
  • a point of sale network is defined within the LAN which includes point of sale devices but excludes non-point of sale devices.
  • point of sale devices are prevented from sending data to non-point of sale devices on the LAN.
  • point of sale devices are prevented from sending data to an external network other than via a secure connection.
  • non-point of sale devices are prevented from sending data to point of sale devices on the LAN.
  • non-point of sale devices are prevented from sending data to the external network via a secure connection reserved for point of sale devices.
  • point of sale devices are prevented from receiving data from the external network other than via a secure connection.
  • non-point of sale devices are allowed to receive data from the external network when established conditions are met.
  • cardholder data and other sensitive information related to point of sale transactions are protected even though the point of sale devices share the LAN with non-point of sale devices.
  • the LAN may include wired point of sale or non-point of sale devices as well as wireless point of sale or non-point of sale devices.
  • wireless devices may be prevented from sending data to wired devices and wired devices may be prevented from sending data to wireless devices.
  • Other aspects, additions and variations will be apparent to one of ordinary skill in the art based on the description herein.
  • FIG. 1 is a block diagram illustrating a system in which an embodiment of the invention is provided.
  • the system has a system LAN 100 which includes and is implemented by a wireless router 110 .
  • the system LAN 100 includes a wireless point of sale LAN 120 , wireless non-point of sale LAN 130 , wired point of sale LAN 140 and wired non-point of sale LAN 150 .
  • the system LAN 100 is also connected to an external network 160 which is, for example, a wide area network (WAN) such as the internet.
  • a payment host 170 is connected to the external network 160 .
  • the payment host 170 processes payment transactions initiated by point of sale devices on the system LAN 100 .
  • a secure host 180 is also provided on the external network 160 .
  • the secure host 180 secures data that is transmitted between the system LAN 100 and the payment host 170 , and may also provide additional functions related to payment processing and configuration and security of the system LAN 100 .
  • the wireless router 110 defines the wireless point of sale LAN 120, wireless non-point of sale LAN 130, wired point of sale LAN 140 and wired non-point of sale LAN 150 each as a separate virtual LAN (VLAN). Only point of sale devices can be members of the wireless point of sale LAN 120 or wired point of sale LAN 140, and only non-point of sale devices can be members of the wireless non-point of sale LAN 130 or wired non-point of sale LAN 150. Additionally, only wireless devices can be members of the wireless point of sale LAN 120 or wireless non-point of sale LAN 130, and only wired devices can be members of the wired point of sale LAN 140 or wired non-point of sale LAN 150.
  • VLAN virtual LAN
  • the wireless point of sale LAN 120 includes one or more wireless point of sale devices 125 which communicate wirelessly with the wireless router 110 .
  • the wired point of sale LAN 140 includes one or more wired point of sale devices 145 connected by wire to the wireless router 110 .
  • a wireless point of sale device 125 or wired point of sale device 145 may be, for example, a point of sale terminal which accepts payment information in order to process a sales transaction.
  • a wireless point of sale device 125 or wired point of sale device 145 could also be a dedicated computer which processes payment transactions or administers point of sale devices and related configuration information.
  • the wireless non-point of sale LAN 130 includes one or more wireless non-point of sale devices 135 which communicate wirelessly with the wireless router 110 .
  • the wired non-point of sale LAN 150 includes one or more wired non-point of sale devices 155 connected by wire to the wireless router 110 .
  • a wireless non-point of sale device 135 or wired non-point of sale device 155 may be, for example, a personal computer used by one or more individuals affiliated with the merchant who maintains the system LAN 100 . Such individuals may use the personal computer for web browsing, email or numerous other purposes that warrant at least partially unrestricted access by the personal computer to hosts or devices on the external network 160 or system LAN 100 , as well as access to the personal computer by such hosts or devices.
  • a data control system defines within a local area network a point of sale network which includes point of sale devices but excludes non-point of sale devices.
  • the data control system is implemented by a router working in combination with a secure host on an external network to which the router is connected.
  • the point of sale devices may include wireless devices which communicate wirelessly with the router such as via a Wi-Fi connection, and may also include wired devices connected by wire to the router such as via an Ethernet connection.
  • the non-point of sale devices may be wireless or wired devices.
  • the data control system may additionally define a non-point of sale network which includes the non-point of sale devices.
  • the point of sale network and the non-point of sale network may each be defined as a virtual local area network.
  • FIG. 2 is a flow diagram illustrating configuration of a wireless point of sale LAN in accordance with an embodiment of the invention.
  • the process shown in FIG. 2 defines a wireless point of sale LAN which includes point of sale devices and excludes non-point of sale devices. This process is performed by the wireless router 110 at an initial configuration of the system LAN 100 and may also be performed at any later time as necessary to update the configuration, such as when a new device is added to the system LAN 100 .
  • the wireless router 110 determines whether a device that is being introduced to the configuration is a point of sale device.
  • the wireless router 110 may determine this in any number of ways, such as with reference to information provided by the secure host 180 . If the wireless router 110 determines that the device being introduced to the configuration is a point of sale device, it assigns the device to a point of sale LAN in step 220 .
  • For a wireless device, step 220 can be described as follows.
  • the wireless router 110 will have previously assigned a unique service set identifier (SSID) to the wireless point of sale LAN 120 .
  • the wireless router 110 assigns the wireless device to the wireless point of sale LAN 120 as a wireless point of sale device 125 by associating a unique device identifier of the wireless point of sale device 125 with the SSID of the wireless point of sale LAN 120 .
  • the device identifier may be, for example, a media access control (MAC) address of the wireless point of sale device 125 .
  • MAC media access control
  • For a wired device, step 220 can be described as follows.
  • the wireless router 110 will have previously assigned one or more ports (such as Ethernet ports) to the wired point of sale LAN 140 .
  • the wireless router 110 assigns the wired device to the wired point of sale LAN 140 as a wired point of sale device 145 by, for example, associating a device identifier of the wired point of sale device 145 with one of the ports assigned to the wired point of sale LAN 140 .
  • the device identifier may be, for example, a media access control (MAC) address of the wired point of sale device 145 .
  • In step 210, if the wireless router 110 instead determines that the device is not a point of sale device, it assigns the device to a non-point of sale LAN in step 230.
  • Where the device is a wireless device, a possible implementation of step 230 can be described as follows.
  • the wireless router 110 will have previously assigned a second unique service set identifier (SSID) to the wireless non-point of sale LAN 130 that is different from the SSID of the wireless point of sale LAN 120 .
  • the wireless router 110 assigns the wireless device to the wireless non-point of sale LAN 130 as a wireless non-point of sale device 135 by, for example, associating a device identifier of the wireless non-point of sale device 135 with the SSID of the wireless non-point of sale LAN 130 .
  • the device identifier may be, for example, a media access control (MAC) address of the wireless point of sale device 125 .
  • Where the device is a wired device, a possible implementation of step 230 can be described as follows.
  • the wireless router 110 will have previously assigned to the wired non-point of sale LAN 150 a second group of one or more ports (such as Ethernet ports) all of which are different from the ports assigned to the wired point of sale LAN 140.
  • the wireless router 110 assigns the device to the wired non-point of sale LAN 150 as a wired non-point of sale device 155 by associating a device identifier of the wired non-point of sale device 155 with one of the second group of ports assigned to the wired non-point of sale LAN 150 .
  • the device identifier may be, for example, a media access control (MAC) address of the wired non-point of sale device 155 .
  • If the wireless router 110 determines in step 240 that there are still more devices that have been introduced to the system LAN 100, the wireless router 110 repeats the above-defined process until all devices have been assigned.
  • FIG. 3 is a flow diagram which shows the different data control processes performed depending on the source and destination of data processed by the data control system.
  • the data control system performs the process shown in FIG. 3 upon receipt by the wireless router 110 of a data packet from any source on the system LAN 100 or from the external network 160 .
  • the data control system determines whether the data is from a point of sale LAN.
  • the wireless router 110 determines whether the data is associated with an SSID corresponding to the wireless point of sale LAN 120 or a port assigned to the wired point of sale LAN 140 .
  • the data control system determines in step 310 whether the data is destined for a device on the system LAN 100 .
  • the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120 , a wired point of sale device 145 on the wired point of sale LAN 140 , a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 , or a wired non-point of sale device 155 on the wired non-point of sale LAN 150 .
  • If so, the data control system performs the “POS LAN for System LAN” process in step 315. This process will be described with reference to FIG. 4 below. If the data from the point of sale LAN is not destined for a device on the system LAN 100, the data control system determines in step 320 whether the data is destined for the external network 160. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to an external internet address. If so, the data control system performs the “Point of Sale LAN for External Network” process in step 325. This process will be described with reference to FIG. 5 below.
  • the data control system determines whether the data is from a non-point of sale LAN. For example, the wireless router 110 determines whether the data is associated with an SSID corresponding to the wireless non-point of sale LAN 130 or from a port assigned to the wired non-point of sale LAN 150 . Where it is determined in step 330 that the data is from a non-point of sale LAN, the data control system determines in step 335 whether the data is destined for a device on the system LAN 100 .
  • If so, the data control system performs the “Non-POS LAN for System LAN” process in step 340. This process will be described with reference to FIG. 6 below. If the data from the non-point of sale LAN is not destined for a device on the system LAN 100, the data control system determines in step 345 whether the data is destined for the external network 160. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to an external internet address. If so, the wireless router 110 performs the “Non-POS LAN for External Network” process in step 350. This process will be described with reference to FIG. 7 below.
  • the data control system determines in step 370 whether the data is destined for a non-point of sale LAN.
  • the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150 . If the data is destined for a non-point of sale LAN, the wireless router 110 performs the “External Network for Non-POS LAN” process in step 375 . This process will be described with reference to FIG. 9 below.
  • a data control system for a local area network prevents point of sale devices from sending data to non-point of sale devices but allows point of sale devices to send data to other point of sale devices on the local area network.
  • the data control system may define a point of sale network within the local area network and determine the data is from the point of sale network if the data is associated with a service set identifier corresponding to a wireless point of sale network or a port corresponding to a wired point of sale network.
  • the data control system may also allow data to be sent to a point of sale device only if it is represented on a white list of approved point of sale devices.
  • the data control system may also prevent wireless point of sale devices from sending data to wired point of sale devices and prevent wired point of sale devices from sending data to wireless point of sale devices.
  • If the device from which the data is received is not on the white list, the data control system blocks the data from being sent in step 405. This could occur, for example, where a point of sale device has been introduced to the system LAN 100 but has not been approved for membership in a point of sale network within the system LAN 100. If the device from which the data is received is on the white list, the data control system determines in step 410 whether the data from the point of sale LAN is destined for a non-point of sale device.
  • the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150 . If the data is destined for a non-point of sale device, the wireless router 110 blocks the data from being sent to the non-point of sale device in step 415 .
  • the data control system determines whether the data is from a wireless point of sale device and destined for a wired point of sale device. For example, the wireless router 110 determines whether the data is associated with an SSID assigned to the wireless point of sale LAN 120 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wired point of sale device 145 on the wired point of sale LAN 140 . If so, the wireless router 110 blocks the data from being sent to the wired point of sale LAN 140 in step 425 .
  • the data control system determines whether the data is from a wired point of sale device and destined for a wireless point of sale device. For example, the wireless router 110 determines whether the data is from a port assigned to a wired point of sale device 145 on the wired point of sale LAN 140 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120 . If so, the wireless router 110 blocks the data from being sent to the wireless point of sale LAN 120 in step 435 .
  • the data control system allows point of sale devices to send data to the external network via a secure connection but prevents the point of sale devices from sending data to the external network other than via the secure connection.
  • the secure connection is, for example, a virtual private network connection.
  • the data control system may allow only devices on a white list of approved point of sale devices to send data to the external network.
  • the data control system may also allow the point of sale devices to send data only to an authorized destination on the external network.
  • FIG. 5 is a flow diagram illustrating the “POS LAN for External Network” process performed by the data control system for data from a device on a point of sale LAN that is destined for a location on the external network.
  • the device may be on the wireless point of sale LAN 120 or on the wired point of sale LAN 140 .
  • the process illustrated in FIG. 5 allows the device to send data over the external network 160 under certain circumstances, but only via a secure connection.
  • the secure connection is, for example, a virtual private network (VPN) connection which provides a secure pathway over the external network 160 from the router 110 to a particular destination such as the payment host 170 or the secure host 180 .
  • the VPN is created, for example, by an OpenVPN software program on the wireless router 110 .
  • An OpenVPN server on the secure host 180 interacts with the OpenVPN program on the wireless router 110 to establish an encrypted VPN tunnel between the wireless router 110 and the secure host 180 using a VPN session key that is periodically renegotiated, preferably at least once every 24 hours.
  • the data control system determines whether the device attempting to send data to the external network 160 is on a white list of approved POS devices.
  • the white list is maintained by the wireless router 110 based on information received from the secure host 180 and contains, for example, the MAC address of each wireless point of sale device 125 or wired point of sale device 145 that has been approved as a point of sale device on the system LAN. If the data is from a device that is not on the white list, the data control system prevents the data from being sent over the VPN in step 520 . As noted above, this could occur where a point of sale device has been introduced to the system LAN 100 but has not been approved for membership in a point of sale network within the system LAN 100 .
  • the data control system may block the data altogether when it is not from a POS device on the white list.
  • the data control system may allow the data to be sent to a location on the external network 160 via an unsecure connection, either without restriction or limited to specified locations.
  • the data control system determines in step 530 whether the point of sale device is attempting to send data to an authorized destination on the external network 160 .
  • the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to the IP address of the secure host 180 or payment host 170 , and if not, prevents the data from being sent over the VPN in step 520 .
  • the wireless router 110 may allow all data from a point of sale device on the white list to be sent via the VPN to the secure host 180 , and the secure host 180 may determine whether the data can be sent further depending on whether it is destined for an authorized destination.
  • Upon determining that the data is from a point of sale device on the white list and determining that the data is destined for an authorized destination, the data control system allows the point of sale device in step 540 to send the data to the external network 160 via the VPN.
  • the secure connection of the VPN protects the data when sent from the wireless router 110 over the external network 160 .
  • a form of encryption is also employed to protect the data exchanged between the point of sale device and the wireless router 110 .
  • the wireless point of sale device 125 and wireless router 110 utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data.
  • The WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
  • a data control system for a local area network prevents non-point of sale devices from sending data to point of sale devices on the local area network but allows non-point of sale devices to send data to other non-point of sale devices on the local area network.
  • the data control system may define a non-point of sale network within the local area network and determine the data is from the non-point of sale network if the data is associated with a service set identifier corresponding to a wireless non-point of sale network or a port corresponding to a wired non-point of sale network.
  • the data control system may also prevent wireless non-point of sale devices from sending data to wired non-point of sale devices and prevent wired non-point of sale devices from sending data to wireless non-point of sale devices.
  • FIG. 6 is a flow diagram illustrating the “Non-POS LAN for System LAN” process performed by the data control system for data from a non-point of sale LAN that is destined for a location on the system LAN.
  • the non-point of sale LAN may be the wireless non-point of sale LAN 130 or the wired non-point of sale LAN 150 .
  • the wireless router 110 determines whether the data from the non-point of sale LAN is destined for a point of sale device. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120 or a wired point of sale device 145 on the wired point of sale LAN 140 . If the data is destined for a point of sale device, the data control system blocks the data from being sent to the non-point of sale device in step 615 .
  • the data control system in step 640 allows the non-point of sale device to send the data over the system LAN 100 without regard to whether communication between wired and wireless devices is involved.
  • additional steps 620 and 630 may be taken to separate wired and wireless non-point of sale devices similar to the separation of wired and wireless point of sale devices described above.
  • the data control system determines whether the data is from a wireless non-point of sale device and destined for a wired non-point of sale device. For example, the wireless router 110 determines whether the data is associated with an SSID assigned to the wireless non-point of sale LAN 130 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wired non-point of sale device 155 on the wired point of sale LAN 150 . If so, the wireless router 110 blocks the data from being sent to the wired non-point of sale device 155 in step 625 .
  • the data control system determines whether the data is from a wired non-point of sale device to a wireless non-point of sale device. For example, the wireless router 110 determines whether the data is from a port assigned to a wired non-point of sale device 155 on the wired non-point of sale LAN 150 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 . If so, the wireless router 110 blocks the data from being sent to the wireless non-point of sale device 135 in step 635 .
  • step 640 having confirmed that the data is not destined for a point of sale device or from a wireless to wired or wired to wireless device, the data control system allows the non-point of sale device to send the data over the system LAN 100 .
  • some form of encryption may be employed.
  • the wireless non-point of sale device 135 and wireless router 110 may utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data.
  • WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
  • the data control system prevents non-point of sale devices from sending data over the external network via a secure connection reserved for point of sale devices, but allows non-point of sale devices to send data over the external network other than via the secure connection.
  • the secure connection is, for example, a virtual private network connection.
  • the data control system may allow the data from non-point of sale devices to be sent only if it is not destined for a restricted destination.
  • the restricted destination may be, for example, the secure host or the payment host.
  • FIG. 7 is a flow diagram illustrating the “Non-POS LAN for External Network” process performed by the data control system for data from a non-point of sale device that is destined for a location on the external network.
  • the non-point of sale device may be a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150 .
  • the data control system determines whether the data from the non-point of sale device is destined for a restricted destination on the external network 160. For example, the data control system examines the data packet to determine whether the destination IP address contained therein corresponds to the IP address of the payment host 170 or the secure host 180.
  • the data control system determines in step 710 that the data is destined for a restricted destination on the external network 160, the data control system logs the attempt to connect to the external network 160 in step 715 and then blocks the data from being sent over the external network 160 in step 720.
  • the log may be provided from the wireless router 110 to the secure host 160 and utilized, for example, to monitor the system LAN 100.
  • the data control system allows point of sale devices on the local area network to receive data from the external network if received from the external network via a secure connection, but prevents point of sale devices from receiving data from the external network if not received via a secure connection.
  • the secure connection is, for example, a virtual private network connection.
  • the data control system may allow the data to be sent to the point of sale device only if it is associated with a communication session initiated by the point of sale device.
  • the data control system may also allow the data to be sent to the point of sale device only if it is received from an authorized source on the external network.
  • the data control system determines in step 830 whether the data is associated with a data communication session that was initiated by the point of sale device for which the data is now destined. If the data communication was not initiated by the point of sale device, the data control system blocks the data from being sent to the point of sale device in step 820.
  • the data control system determines in step 840 whether the data from the external network 160 is from an authorized source. For example, the wireless router 110 examines the data packet to determine whether the source internet protocol (IP) address contained therein corresponds to the IP address of the payment host 170 or secure host 180. If the data was not from an authorized source, the wireless router 110 blocks the data from being sent to the point of sale device in step 820.
  • the data control system allows the data from the external network 160 to be sent to the point of sale device.
  • an intrusion detection system is employed to protect the wireless point of sale LAN 120 and wired point of sale LAN 140 from external attacks.
  • the wireless router 110 runs the “Snort” open source software program, provided by Sourcefire, Inc.
  • the intrusion detection system provides an alarm signal to the secure host 180 upon detecting data traffic indicative of a possible external attack based on predetermined criteria.
  • the secure host 180 may then communicate with the wireless router 110 to take preventative or corrective action including, if necessary, shutting down some or all data traffic on the system LAN 100 until resolution or clearance from the secure host 180.
  • the wireless router 110 may initiate its own preventative or corrective action.
  • the data control system allows non-point of sale devices on the LAN to receive data from the external network when established conditions are met.
  • the data control system may allow the data to be sent to the non-point of sale devices only, for example, when the data is associated with a communication session initiated by the non-point of sale device.
  • the data control system may also allow the data to be sent to the non-point of sale device only if it is not received from a restricted source.
  • the restricted source may be, for example, the secure host, the payment host, or any unidentified source.
  • the data control system may allow the data to be sent to the non-point of sale device only if the data has not been received via a secure connection reserved for point of sale devices.
  • the secure connection is, for example, a virtual private network connection.
  • FIG. 9 is a flow diagram illustrating the “External Network for Non-POS LAN” process performed by the data control system for data from the external network that is destined for a non-point of sale device on the system LAN.
  • the non-point of sale device may be a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150 .
  • the data control system determines whether the data received from the external network 160 is from a restricted source that has been designated as a source that the non-point of sale devices are not allowed to receive data from. For example, the wireless router 110 examines the data packet to determine whether the source internet protocol (IP) address contained therein corresponds to the IP address of the payment host 170 or secure host 180.
  • a restricted source could also include any unidentified sources or sources not previously designated as sources the non-point of sale devices are authorized to receive data from based on information maintained by the wireless router 110 and/or the secure host 180 .
  • a restricted source may also be any source from which data is received via the VPN connection. If the data is from a restricted source, the data control system blocks the data from being sent to the non-point of sale device in step 920.
  • the data control system determines in step 930 whether the data communication session was initiated by the non-point of sale device for which the data is now destined. If data communication was not initiated by the non-point of sale device, the wireless router 110 blocks the data from being sent to the non-point of sale device in step 920. In step 950, upon confirming that the data communication was initiated by the non-point of sale device for which the data is destined and not received from a restricted source, the wireless router 110 allows the data from the external network 160 to be sent to the point of sale device.
  • an intrusion detection system is employed to protect the wireless non-point of sale LAN 130 and wired non-point of sale LAN 150 from external attacks.
  • the wireless router 110 runs the “Snort” open source software program, provided by Sourcefire, Inc.
  • the intrusion detection system provides an alarm signal to the secure host 180 upon detecting data traffic indicative of a possible external attack based on predetermined criteria.
  • the secure host 180 may then communicate with the wireless router 110 to take preventative or corrective action including, if necessary, shutting down some or all data traffic on the system LAN 100 until resolution or clearance from the secure host 180.
  • the wireless router 110 may initiate its own preventative or corrective action.
  • FIG. 10 is a flow diagram illustrating the process of managing the white list of approved POS devices.
  • the wireless router 110 utilizes the white list to determine which devices are allowed to access authorized destinations on the external network 160 .
  • the process shown in FIG. 10 is performed by the secure host 180 at an initial configuration of the system LAN 100 and at any later time as necessary to modify the definition of approved point of sale devices, such as when adding new devices to the system LAN 100 at a later time.
  • the secure host 180 determines whether a device has been identified as an authorized point of sale device.
  • a device may be identified by a human operator or by an automated process which determines the device to be a legitimate point of sale device dedicated to processing point of sale transactions. Approval of the device may also require authentication and/or corroboration with information identifying the device in possession of the merchant.
  • the secure host 180 determines in step 1010 that the device is an approved point of sale device, it adds a device identifier such as a media access control (MAC) address of the device to a white list in step 1020. If the secure host 180 determines in step 1030 that more devices remain to be considered, the secure host 180 repeats the above steps until all point of sale devices have been considered. Thereafter, the secure host 180 sends the white list to the wireless router 110 in step 1040.

Abstract

A data control system allows non-point of sale devices (135, 155) on the LAN to receive data from an external network (160) when established conditions are met. The data control system may allow the data to be sent to a non-point of sale device (135, 155) only if the data has not been received via a secure connection reserved for point of sale devices (125, 145). The secure connection is, for example, a virtual private network connection. The data control system may also allow the data to be sent to a non-point of sale device (135, 155) only if the data is associated with a communication session initiated by the non-point of sale device (135, 155). The data control system may also allow the data to be sent to the non-point of sale device (135, 155) only if it is not received from a restricted source. The restricted source may be, for example, a payment host (170), a secure host (180) or any unidentified source.

Description

FIELD OF THE INVENTION
The present invention relates to local area networks and, more particularly, to a local area network with point of sale devices.
BACKGROUND OF THE INVENTION
A point of sale system allows a customer to purchase goods or services from a merchant using a payment card (such as a credit card) issued by a financial institution with which the customer has an account. The system transmits payment information associated with the purchase over a network to a payment host which authorizes and processes the transaction on behalf of a payment processor associated with the financial institution.
A point of sale system may have a number of terminals providing service to customers at multiple physical points within the merchant's business location. Such terminals can now be found in the form of wireless devices that can service payment transactions in a flexible variety of locations. In a restaurant, for example, customers can pay for meals at the table by swiping a payment card at a portable wireless point of sale terminal carried by a waiter. This provides potentially greater efficiency and security as the customer does not have to surrender the payment card to effectuate the payment transaction.
One way of providing such a point of sale system is by utilizing a local area network (LAN) with wireless capability. Such a LAN can be implemented with a wireless router that communicates with one or more wireless devices within a reasonably short range and also connects to an external network. The wireless router can thus allow a number of wireless point of sale terminals in a shop or singularly located business to communicate with the appropriate payment host over the internet, thus allowing for payment transactions to be processed.
As payment transactions involve sensitive cardholder data, it is essential that this data is inaccessible to parties and processes that are not an intended part of the transaction. This inaccessibility may be compromised if point of sale devices are allowed to communicate with non-point of sale devices. This is because point of sale devices are normally designed to prevent unauthorized access or non-payment related uses, whereas non-point of sale devices cannot be assumed to have such restrictions. For this reason, current best practices dictate that point of sale devices should not be allowed to share the same immediate local network with non-point of sale devices. This practice is also mandated by the Payment Card Industry Data Security Standard (PCI-DSS) which has been developed to secure payment card data. Compliance with this standard is very important as it is typically required of merchants by acquirers associated with popular payment cards such as VISA and MasterCard.
Implementing a point of sale system on a LAN as described above therefore introduces security concerns that are not present in conventional systems designed exclusively for point of sale devices. This is because the router that implements the LAN will also have the capability of communication with other devices on the LAN, which may include non-point of sale devices. Although this problem might be solved by the merchant adopting a practice that only point of sale devices can be members of the LAN, there is no simple means of ensuring continual compliance with such a practice. Furthermore, especially in the case of smaller merchants, it may be unreasonable to expect separate physical networks to be maintained for both point of sale devices and other kinds of devices that the merchant may need or wish to operate.
An additional concern is that a router as described above may allow for devices to be connected both wirelessly and by wire. Although this provides a potentially advantageous capability, as a practical matter one form of connection may be less secure than the other, and thus combining both wired and wireless connections on a same LAN may potentially weaken the security of devices connected by the more secure method. It is therefore desirable to provide a means for securing data on a local area network with point of sale devices as well as non-point of sale devices. It is also desirable to provide a means for securing data when such a local area network has both wired and wireless devices.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is described in terms of the preferred embodiments set out below and with reference to the following drawings in which like reference numerals are used to refer to like elements throughout.
FIG. 1 is a block diagram illustrating a system in which an embodiment of the invention is provided.
FIG. 2 is a flow diagram illustrating configuration of a point of sale LAN in accordance with an embodiment of the invention.
FIG. 3 is a flow diagram illustrating the data control performed by a data control system in various aspects of the invention.
FIG. 4 is a flow diagram illustrating a process performed by the data control system for data from a point of sale LAN that is destined for a location on the system LAN.
FIG. 5 is a flow diagram illustrating a process performed by the data control system for data from a point of sale LAN that is destined for a location on the external network.
FIG. 6 is a flow diagram illustrating the process performed by the data control system for data from a non-point of sale device that is destined for a location on the system LAN.
FIG. 7 is a flow diagram illustrating the process performed by the data control system for data from a non-point of sale device that is destined for a location on the external network.
FIG. 8 is a flow diagram illustrating the process performed by the data control system for data from the external network that is destined for a point of sale device on the system LAN.
FIG. 9 is a flow diagram illustrating the process performed by the data control system for data from the external network that is destined for a non-point of sale device on the system LAN.
FIG. 10 is a flow diagram illustrating the process of managing a white list of approved point of sale devices in accordance with an embodiment of the invention.
It should be understood that the flow diagrams provided herein represent logical relationships among functions in order to generally illustrate functional elements that are provided in various embodiments of the invention. One of ordinary skill in the art will recognize that the elements described in these flow diagrams may be arranged differently while still, where consistent with the description herein, remaining within the spirit and scope of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
A method and system are described for securing data on a local area network (LAN) that includes point of sale devices as well as non-point of sale devices. A point of sale device can be defined as a device which is dedicated to processing point of sale transactions and which stores, processes or transmits cardholder data or other sensitive information related to processing a payment made by a payment card, and is thus designed to prevent unauthorized access or uses unrelated to payment transactions. A non-point of sale device can be defined as a computing device which is capable of sending data to and/or receiving data from other devices but which is not a point of sale device as defined above.
In one aspect of the invention, a point of sale network is defined within the LAN which includes point of sale devices but excludes non-point of sale devices. In a second aspect of the invention, point of sale devices are prevented from sending data to non-point of sale devices on the LAN. In a third aspect of the invention, point of sale devices are prevented from sending data to an external network other than via a secure connection. In a fourth aspect of the invention, non-point of sale devices are prevented from sending data to point of sale devices on the LAN. In a fifth aspect of the invention, non-point of sale devices are prevented from sending data to the external network via a secure connection reserved for point of sale devices. In a sixth aspect of the invention, point of sale devices are prevented from receiving data from the external network other than via a secure connection. In a seventh aspect of the invention, non-point of sale devices are allowed to receive data from the external network when established conditions are met. By controlling the data in this fashion, cardholder data and other sensitive information related to point of sale transactions are protected even though the point of sale devices share the LAN with non-point of sale devices.
In the above described aspects, the LAN may include wired point of sale or non-point of sale devices as well as wireless point of sale or non-point of sale devices. In correspondingly appropriate variations of the above described aspects, wireless devices may be prevented from sending data to wired devices and wired devices may be prevented from sending data to wireless devices. Other aspects, additions and variations will be apparent to one of ordinary skill in the art based on the description herein.
Configuration
FIG. 1 is a block diagram illustrating a system in which an embodiment of the invention is provided. The system has a system LAN 100 which includes and is implemented by a wireless router 110. The system LAN 100 includes a wireless point of sale LAN 120, wireless non-point of sale LAN 130, wired point of sale LAN 140 and wired non-point of sale LAN 150. The system LAN 100 is also connected to an external network 160 which is, for example, a wide area network (WAN) such as the internet. A payment host 170 is connected to the external network 160. The payment host 170 processes payment transactions initiated by point of sale devices on the system LAN 100. A secure host 180 is also provided on the external network 160. The secure host 180 secures data that is transmitted between the system LAN 100 and the payment host 170, and may also provide additional functions related to payment processing and configuration and security of the system LAN 100.
The wireless router 110 is a conventional wireless router that is capable of being configured to provide the functions described herein. In a preferred embodiment, the wireless router 110 is an ASUS WL-500g Premium running OpenWrt, a version of the Linux operating system for embedded devices. The wireless router 110 includes one or more Wi-Fi antennas which transmit and receive to and from devices on the wireless point of sale LAN 120 and wireless non-point of sale LAN 130. The wireless router 110 may also include Ethernet ports which connect to devices on the wired point of sale LAN 140 and wired non-point of sale LAN 150. The wireless router 110 also includes a WAN port which connects to the external network 160.
The wireless router 110 defines the wireless point of sale LAN 120, wireless non-point of sale LAN 130, wired point of sale LAN 140 and wired non-point of sale LAN 150 each as a separate virtual LAN (VLAN). Only point of sale devices can be members of the wireless point of sale LAN 120 or wired point of sale LAN 140, and only non-point of sale devices can be members of the wireless non-point of sale LAN 130 or wired non-point of sale LAN 150. Additionally, only wireless devices can be members of the wireless point of sale LAN 120 or wireless non-point of sale LAN 130, and only wired devices can be members of the wired point of sale LAN 140 or wired non-point of sale LAN 150. One of ordinary skill in the art will readily implement appropriate VLANs to accomplish such rules consistent with the objectives and environment at hand in accordance with the general description provided herein.
The wireless point of sale LAN 120 includes one or more wireless point of sale devices 125 which communicate wirelessly with the wireless router 110. The wired point of sale LAN 140 includes one or more wired point of sale devices 145 connected by wire to the wireless router 110. A wireless point of sale device 125 or wired point of sale device 145 may be, for example, a point of sale terminal which accepts payment information in order to process a sales transaction. A wireless point of sale device 125 or wired point of sale device 145 could also be a dedicated computer which processes payment transactions or administers point of sale devices and related configuration information.
The wireless non-point of sale LAN 130 includes one or more wireless non-point of sale devices 135 which communicate wirelessly with the wireless router 110. The wired non-point of sale LAN 150 includes one or more wired non-point of sale devices 155 connected by wire to the wireless router 110. A wireless non-point of sale device 135 or wired non-point of sale device 155 may be, for example, a personal computer used by one or more individuals affiliated with the merchant who maintains the system LAN 100. Such individuals may use the personal computer for web browsing, email or numerous other purposes that warrant at least partially unrestricted access by the personal computer to hosts or devices on the external network 160 or system LAN 100, as well as access to the personal computer by such hosts or devices.
Configuration of the Point of Sale LAN
In one aspect of the invention, a data control system defines within a local area network a point of sale network which includes point of sale devices but excludes non-point of sale devices. The data control system is implemented by a router working in combination with a secure host on an external network to which the router is connected. The point of sale devices may include wireless devices which communicate wirelessly with the router such as via a Wi-Fi connection, and may also include wired devices connected by wire to the router such as via an Ethernet connection. Similarly, the non-point of sale devices may be wireless or wired devices. The data control system may additionally define a non-point of sale network which includes the non-point of sale devices. The point of sale network and the non-point of sale network may each be defined as a virtual local area network.
FIG. 2 is a flow diagram illustrating configuration of a wireless point of sale LAN in accordance with an embodiment of the invention. The process shown in FIG. 2 defines a wireless point of sale LAN which includes point of sale devices and excludes non-point of sale devices. This process is performed by the wireless router 110 at an initial configuration of the system LAN 100 and may also be performed at any later time as necessary to update the configuration, such as when a new device is added to the system LAN 100.
In step 210, the wireless router 110 determines whether a device that is being introduced to the configuration is a point of sale device. The wireless router 110 may determine this in any number of ways, such as with reference to information provided by the secure host 180. If the wireless router 110 determines that the device being introduced to the configuration is a point of sale device, it assigns the device to a point of sale LAN in step 220.
Where the device is a wireless device, one possible implementation of step 220 can be described as follows. The wireless router 110 will have previously assigned a unique service set identifier (SSID) to the wireless point of sale LAN 120. The wireless router 110 assigns the wireless device to the wireless point of sale LAN 120 as a wireless point of sale device 125 by associating a unique device identifier of the wireless point of sale device 125 with the SSID of the wireless point of sale LAN 120. The device identifier may be, for example, a media access control (MAC) address of the wireless point of sale device 125.
Where the device is a wired device, one possible implementation of step 220 can be described as follows. The wireless router 110 will have previously assigned one or more ports (such as Ethernet ports) to the wired point of sale LAN 140. The wireless router 110 assigns the wired device to the wired point of sale LAN 140 as a wired point of sale device 145 by, for example, associating a device identifier of the wired point of sale device 145 with one of the ports assigned to the wired point of sale LAN 140. As described above, the device identifier may be, for example, a media access control (MAC) address of the wired point of sale device 145.
Returning to step 210, if the wireless router 110 instead determines that the device is not a point of sale device, it assigns the device to a non-point of sale LAN in step 230. Where the device is a wireless device, a possible implementation of step 230 can be described as follows. The wireless router 110 will have previously assigned a second unique service set identifier (SSID) to the wireless non-point of sale LAN 130 that is different from the SSID of the wireless point of sale LAN 120. The wireless router 110 assigns the wireless device to the wireless non-point of sale LAN 130 as a wireless non-point of sale device 135 by, for example, associating a device identifier of the wireless non-point of sale device 135 with the SSID of the wireless non-point of sale LAN 130. The device identifier may be, for example, a media access control (MAC) address of the wireless point of sale device 125.
Where the device is a wired device, a possible implementation of step 230 can be described as follows. The wireless router 110 will have previously assigned to the wired non-point of sale LAN 150 a second group of one or more ports (such as Ethernet ports) all of which are different from the ports assigned to the wired point of sale LAN 140. The wireless router 110 assigns the device to the wired non-point of sale LAN 150 as a wired non-point of sale device 155 by associating a device identifier of the wired non-point of sale device 155 with one of the second group of ports assigned to the wired non-point of sale LAN 150. As above, the device identifier may be, for example, a media access control (MAC) address of the wired non-point of sale device 155.
If the wireless router 110 determines in step 240 that there are still more devices that have been introduced to the system LAN 100, the wireless router 110 repeats the above-defined process until all devices have been assigned.
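The white list of FIG. 10 and the assignment loop of FIG. 2 can be sketched together as follows. This is an added example, not code from the patent or from Apriva; the SSID names, port numbers, the use of the white list as the step 210 test, and the choice to refuse a wired device on a port of the other group are assumptions of the example.

```python
import re

# Assumed router layout (constructed): one SSID and one port group per device class.
SSID = {"pos": "shop-pos", "nonpos": "shop-office"}
PORTS = {"pos": {1, 2}, "nonpos": {3, 4}}


def normalize_mac(raw):
    """Canonical aa:bb:cc:dd:ee:ff form, so differently formatted entries compare equal."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_white_list(candidates):
    """FIG. 10 on the secure host: steps 1010-1030 over (mac, approved) pairs."""
    return frozenset(normalize_mac(mac) for mac, approved in candidates if approved)


def assign(mac, link, white_list, port=None):
    """FIG. 2 on the router: step 210 classifies, step 220 or 230 assigns.

    Returns (vlan, attachment), where attachment is the SSID or the port number.
    """
    # Step 210; using the white list as the test is this example's assumption.
    kind = "pos" if normalize_mac(mac) in white_list else "nonpos"
    if link == "wireless":
        return (f"wireless_{kind}", SSID[kind])
    if port not in PORTS[kind]:
        # Example's choice: refuse rather than let the device join the other group's VLAN.
        raise ValueError(f"port {port} is not assigned to the wired {kind} LAN")
    return (f"wired_{kind}", port)


def configure(devices, white_list):
    """Step 240 loop: assign every introduced device and collect the ones refused."""
    table, refused = {}, []
    for dev in devices:
        try:
            result = assign(dev["mac"], dev["link"], white_list, dev.get("port"))
            table[normalize_mac(dev["mac"])] = result
        except ValueError as exc:
            refused.append((dev["mac"], str(exc)))
    return table, refused
```

Normalising the identifier before comparison matters because a white list entry written as `AA-BB-CC-00-00-01` would otherwise fail to match the same device reported as `aa:bb:cc:00:00:01`, and the device would silently land on the non-point of sale LAN.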
Data Control
FIGS. 3-9 are flow diagrams illustrating the data control that is performed in various aspects of the invention. FIGS. 3-9 are performed by a data control system which comprises the wireless router 110 and, depending on the implementation, may also include the secure host 180 in the case of some functional elements. The flow diagrams provided herein represent logical relationships among functions in order to generally illustrate functional elements that are provided in various embodiments of the invention. The processes shown in FIGS. 3-9 are broken out and arranged for the purpose of logically describing the functional concepts in various aspects of the invention. One of ordinary skill in the art will recognize that the elements described in these flow diagrams may be arranged differently while still, where consistent with the description herein, remaining within the spirit and scope of the invention. For example, the steps described may be performed in different sequential or event-driven orders in alternative versions of the aspects represented.
FIG. 3 is a flow diagram which shows the different data control processes performed depending on the source and destination of data processed by the data control system. The data control system performs the process shown in FIG. 3 upon receipt by the wireless router 110 of a data packet from any source on the system LAN 100 or from the external network 160. In step 305, the data control system determines whether the data is from a point of sale LAN. For example, the wireless router 110 determines whether the data is associated with an SSID corresponding to the wireless point of sale LAN 120 or a port assigned to the wired point of sale LAN 140.
Where it is determined in step 305 that the data is from a point of sale LAN, the data control system determines in step 310 whether the data is destined for a device on the system LAN 100. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120, a wired point of sale device 145 on the wired point of sale LAN 140, a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130, or a wired non-point of sale device 155 on the wired non-point of sale LAN 150.
If the data from the point of sale LAN is destined for a device on the system LAN 100, the data control system performs the “POS LAN for System LAN” process in step 315. This process will be described with reference to FIG. 4 below. If the data from the point of sale LAN is not destined for a device on the system LAN 100, the data control system determines in step 320 whether the data is destined for the external network 160. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to an external internet address. If so, the data control system performs the “Point of Sale LAN for External Network” process in step 325. This process will be described with reference to FIG. 5 below.
In step 330, the data control system determines whether the data is from a non-point of sale LAN. For example, the wireless router 110 determines whether the data is associated with an SSID corresponding to the wireless non-point of sale LAN 130 or from a port assigned to the wired non-point of sale LAN 150. Where it is determined in step 330 that the data is from a non-point of sale LAN, the data control system determines in step 335 whether the data is destined for a device on the system LAN 100. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to an internal IP address of the wireless point of sale device 125 on the wireless point of sale LAN 120, a wired point of sale device 145 on the wired point of sale LAN 140, a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150.
If the data from the non-point of sale LAN is destined for a device on the system LAN 100, the data control system performs the “Non-POS LAN for System LAN” process in step 340. This process will be described with reference to FIG. 6 below. If the data from the non-point of sale LAN is not destined for a device on the system LAN 100, the data control system determines in step 345 whether the data is destined for the external network 160. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to an external internet address. If so, the wireless router 110 performs the “Non-POS LAN for External Network” process in step 350. This process will be described with reference to FIG. 7 below.
In step 355, the data control system determines whether the data is from the external network 160. For example, the wireless router 110 determines whether the data is received from a wide area network (WAN) port through which the router 110 is connected to the external network 160. If so, the data control system determines whether the data is destined for a point of sale LAN. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120 or a wired point of sale device 145 on the wired point of sale LAN 140.
If the data from the external network is destined for a point of sale device, the data control system performs the “External Network for POS LAN” process in step 365. This process will be described with reference to FIG. 8 below. If the data from the external network is not destined for a point of sale LAN, the data control system determines in step 370 whether the data is destined for a non-point of sale LAN.
For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150. If the data is destined for a non-point of sale LAN, the wireless router 110 performs the “External Network for Non-POS LAN” process in step 375. This process will be described with reference to FIG. 9 below.
Data from the Point of Sale LAN Over the System LAN
In another aspect of the invention, a data control system for a local area network prevents point of sale devices from sending data to non-point of sale devices but allows point of sale devices to send data to other point of sale devices on the local area network. The data control system may define a point of sale network within the local area network and determine the data is from the point of sale network if the data is associated with a service set identifier corresponding to a wireless point of sale network or a port corresponding to a wired point of sale network. The data control system may also allow data to be sent to a point of sale device only if it is represented on a white list of approved point of sale devices. The data control system may also prevent wireless point of sale devices from sending data to wired point of sale devices and prevent wired point of sale devices from sending data to wireless point of sale devices.
FIG. 4 is a flow diagram illustrating the “POS LAN for System LAN” process performed by the data control system for data from a point of sale LAN that is destined for a location on the system LAN. The data is received, for example, from the wireless point of sale LAN 120 or the wired point of sale LAN 140. In step 400, the data control system determines whether the device from which the data is received is on a white list of approved point of sale devices. In one possible embodiment, the white list is maintained by the wireless router 110 based on information received from the secure host 180. The white list contains, for example, a media access control (MAC) address of each wireless point of sale device 125 or wired point of sale device 145 that has been approved as a point of sale device on the system LAN. Management of the white list is described later in the specification with reference to FIG. 10.
If the data is from a device that is not on the white list, the data control system blocks the data from being sent in step 405. This could occur, for example, where a point of sale device has been introduced to the system LAN 100 but has not been approved for membership in a point of sale network within the system LAN 100. If the device from which the data is received is on the white list, the data control system determines in step 410 whether the data from the point of sale LAN is destined for a non-point of sale device. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150. If the data is destined for a non-point of sale device, the wireless router 110 blocks the data from being sent to the non-point of sale device in step 415.
In step 420, the data control system determines whether the data is from a wireless point of sale device and destined for a wired point of sale device. For example, the wireless router 110 determines whether the data is associated with an SSID assigned to the wireless point of sale LAN 120 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wired point of sale device 145 on the wired point of sale LAN 140. If so, the wireless router 110 blocks the data from being sent to the wired point of sale LAN 140 in step 425.
In step 430, the data control system determines whether the data is from a wired point of sale device and destined for a wireless point of sale device. For example, the wireless router 110 determines whether the data is from a port assigned to a wired point of sale device 145 on the wired point of sale LAN 140 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120. If so, the wireless router 110 blocks the data from being sent to the wireless point of sale LAN 120 in step 435.
In step 440, the data control system allows the point of sale device to send data over the system LAN 100 having confirmed that the data is not destined for a non-point of sale device and is not from a wireless to a wired device or from a wired to a wireless device. In a preferred embodiment, a form of encryption is employed to protect the data sent over the system LAN 100. For example, the wireless point of sale device 125 and wireless router 110 utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data. A WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
Data from the Point of Sale LAN Over the External Network
In another aspect of the invention, the data control system allows point of sale devices to send data to the external network via a secure connection but prevents the point of sale devices from sending data to the external network other than via the secure connection. The secure connection is, for example, a virtual private network connection. The data control system may allow only devices on a white list of approved point of sale devices to send data to the external network. The data control system may also allow the point of sale devices to send data only to an authorized destination on the external network.
FIG. 5 is a flow diagram illustrating the “POS LAN for External Network” process performed by the data control system for data from a device on a point of sale LAN that is destined for a location on the external network. The device may be on the wireless point of sale LAN 120 or on the wired point of sale LAN 140. The process illustrated in FIG. 5 allows the device to send data over the external network 160 under certain circumstances, but only via a secure connection. The secure connection is, for example, a virtual private network (VPN) connection which provides a secure pathway over the external network 160 from the router 110 to a particular destination such as the payment host 170 or the secure host 180. The VPN is created, for example, by an OpenVPN software program on the wireless router 110. An OpenVPN server on the secure host 180 interacts with the OpenVPN program on the wireless router 110 to establish an encrypted VPN tunnel between the wireless router 110 and the secure host 180 using a VPN session key that is periodically renegotiated, preferably at least once every 24 hours.
In step 510, the data control system determines whether the device attempting to send data to the external network 160 is on a white list of approved POS devices. In one possible embodiment, as explained with reference to FIG. 4, the white list is maintained by the wireless router 110 based on information received from the secure host 180 and contains, for example, the MAC address of each wireless point of sale device 125 or wired point of sale device 145 that has been approved as a point of sale device on the system LAN. If the data is from a device that is not on the white list, the data control system prevents the data from being sent over the VPN in step 520. As noted above, this could occur where a point of sale device has been introduced to the system LAN 100 but has not been approved for membership in a point of sale network within the system LAN 100.
In one embodiment, the data control system may block the data altogether when it is not from a POS device on the white list. In an alternative embodiment, the data control system may allow the data to be sent to a location on the external network 160 via an unsecure connection, either without restriction or limited to specified locations.
In addition to determining in step 510 that the data is from a point of sale device on the white list, the data control system determines in step 530 whether the point of sale device is attempting to send data to an authorized destination on the external network 160. In one possible implementation, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to the IP address of the secure host 180 or payment host 170, and if not, prevents the data from being sent over the VPN in step 520. In another possible implementation, the wireless router 110 may allow all data from a point of sale device on the white list to be sent via the VPN to the secure host 180, and the secure host 180 may determine whether the data can be sent further depending on whether it is destined for an authorized destination.
Upon determining that the data is from a point of sale device on the white list and determining that the data is destined for an authorized destination, the data control system allows the point of sale device in step 540 to send the data to the external network 160 via the VPN. The secure connection of the VPN protects the data when sent from the wireless router 110 over the external network 160. In a preferred embodiment, a form of encryption is also employed to protect the data exchanged between the point of sale device and the wireless router 110. For example, the wireless point of sale device 125 and wireless router 110 utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data. A WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
Data from the Non-Point of Sale LAN Over the System LAN
In another aspect of the invention, a data control system for a local area network prevents non-point of sale devices from sending data to point of sale devices on the local area network but allows non-point of sale devices to send data to other non-point of sale devices on the local area network. The data control system may define a non-point of sale network within the local area network and determine the data is from the non-point of sale network if the data is associated with a service set identifier corresponding to a wireless non-point of sale network or a port corresponding to a wired non-point of sale network. The data control system may also prevent wireless non-point of sale devices from sending data to wired non-point of sale devices and prevent wired non-point of sale devices from sending data to wireless non-point of sale devices.
FIG. 6 is a flow diagram illustrating the “Non-POS LAN for System LAN” process performed by the data control system for data from a non-point of sale LAN that is destined for a location on the system LAN. The non-point of sale LAN may be the wireless non-point of sale LAN 130 or the wired non-point of sale LAN 150. In step 610, the wireless router 110 determines whether the data from the non-point of sale LAN is destined for a point of sale device. For example, the wireless router 110 examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless point of sale device 125 on the wireless point of sale LAN 120 or a wired point of sale device 145 on the wired point of sale LAN 140. If the data is destined for a point of sale device, the data control system blocks the data from being sent to the non-point of sale device in step 615.
In one embodiment, upon determining in step 610 that the data from the non-point of sale LAN is destined for a point of sale device, the data control system in step 640 allows the non-point of sale device to send the data over the system LAN 100 without regard to whether communication between wired and wireless devices is involved. In another embodiment, additional steps 620 and 630 may be taken to separate wired and wireless non-point of sale devices similar to the separation of wired and wireless point of sale devices described above.
In step 620, the data control system determines whether the data is from a wireless non-point of sale device and destined for a wired non-point of sale device. For example, the wireless router 110 determines whether the data is associated with an SSID assigned to the wireless non-point of sale LAN 130 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wired non-point of sale device 155 on the wired point of sale LAN 150. If so, the wireless router 110 blocks the data from being sent to the wired non-point of sale device 155 in step 625.
In step 630, the data control system determines whether the data is from a wired non-point of sale device to a wireless non-point of sale device. For example, the wireless router 110 determines whether the data is from a port assigned to a wired non-point of sale device 155 on the wired non-point of sale LAN 150 and examines the data packet to determine whether the destination IP address contained therein corresponds to a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130. If so, the wireless router 110 blocks the data from being sent to the wireless non-point of sale device 135 in step 635.
In step 640, having confirmed that the data is not destined for a point of sale device or from a wireless to wired or wired to wireless device, the data control system allows the non-point of sale device to send the data over the system LAN 100. In order to protect the data sent over the system LAN 100, some form of encryption may be employed. For example, the wireless non-point of sale device 135 and wireless router 110 may utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data. A WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
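The FIG. 4 and FIG. 6 decisions written as one function, added here as an illustration and not code from the patent; the subnets, MAC addresses and the names `Segment`, `Packet` and `decide_lan` are constructed assumptions. The source segment is passed in as the router would derive it from the SSID or port, and FIG. 6 follows the aspect statement: non-POS traffic destined for a POS device is blocked.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network


class Segment(Enum):
    # Values are the reference numerals used in the description.
    WIRELESS_POS = 120
    WIRED_POS = 140
    WIRELESS_NON_POS = 130
    WIRED_NON_POS = 150


POS = {Segment.WIRELESS_POS, Segment.WIRED_POS}
WIRELESS = {Segment.WIRELESS_POS, Segment.WIRELESS_NON_POS}

# Constructed addressing plan (assumption): one subnet per segment.
SUBNETS = {
    ip_network("10.0.120.0/24"): Segment.WIRELESS_POS,
    ip_network("10.0.140.0/24"): Segment.WIRED_POS,
    ip_network("10.0.130.0/24"): Segment.WIRELESS_NON_POS,
    ip_network("10.0.150.0/24"): Segment.WIRED_NON_POS,
}

# Constructed white list of approved POS MAC addresses (locally administered).
WHITE_LIST = frozenset({"02:00:00:00:01:25", "02:00:00:00:01:45"})


@dataclass(frozen=True)
class Packet:
    src_segment: Segment  # taken from the ingress SSID or port, not the source IP
    src_mac: str
    dst_ip: str


def segment_of(ip):
    """Map a destination IP to its LAN segment, or None if it is off the LAN."""
    addr = ip_address(ip)
    for net, seg in SUBNETS.items():
        if addr in net:
            return seg
    return None


def decide_lan(pkt, white_list=WHITE_LIST, split_non_pos_media=True):
    """Return (verdict, step) using the step numbers of FIG. 4 and FIG. 6."""
    dst = segment_of(pkt.dst_ip)
    if dst is None:
        return ("external", None)  # handled by the external-network processes
    src = pkt.src_segment
    crosses_media = (src in WIRELESS) != (dst in WIRELESS)
    if src in POS:                                    # FIG. 4
        if pkt.src_mac.lower() not in white_list:
            return ("block", 405)                     # device not approved
        if dst not in POS:
            return ("block", 415)                     # POS to non-POS
        if crosses_media:
            return ("block", 425 if src in WIRELESS else 435)
        return ("allow", 440)
    if dst in POS:                                    # FIG. 6
        return ("block", 615)                         # non-POS to POS
    if split_non_pos_media and crosses_media:         # optional steps 620/630
        return ("block", 625 if src in WIRELESS else 635)
    return ("allow", 640)


if __name__ == "__main__":
    # Constructed sample traffic.
    for p in (
        Packet(Segment.WIRELESS_POS, "02:00:00:00:01:25", "10.0.120.7"),
        Packet(Segment.WIRELESS_POS, "02:00:00:00:09:99", "10.0.120.7"),
        Packet(Segment.WIRED_NON_POS, "02:00:00:00:0a:01", "10.0.140.9"),
    ):
        print(p.src_segment.name, p.src_mac, "->", p.dst_ip, decide_lan(p))
```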
Data from the Non-Point of Sale LAN Over the External Network
In another aspect of the invention, the data control system prevents non-point of sale devices from sending data over the external network via a secure connection reserved for point of sale devices, but allows non-point of sale devices to send data over the external network other than via the secure connection. The secure connection is, for example, a virtual private network connection. The data control system may allow the data from non-point of sale devices to be sent only if it is not destined for a restricted destination. The restricted destination may be, for example, the secure host or the payment host.
FIG. 7 is a flow diagram illustrating the “Non-POS LAN for External Network” process performed by the data control system for data from a non-point of sale device that is destined for a location on the external network. The non-point of sale device may be a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150. In step 710, the data control system determines whether the data from the non-point of sale device is destined for a restricted destination on the external network 160. For example, the data control system examines the data packet to determine whether the destination IP address contained therein corresponds to the IP address of the payment host 170 or the secure host 180. If the data control system determines in step 710 that the data is destined for a restricted destination on the external network 160, the data control system logs the attempt to connect to the external network 160 in step 715 and then blocks the data from being sent over the external network 160 in step 720. The log may be provided from the wireless router 110 to the secure host 160 and utilized, for example, to monitor the system LAN 100.
Upon determining that the data is not destined for a restricted destination on the external network 160, the data control system sends the data over the external network 160 in step 730. In a preferred embodiment, a form of encryption may be employed to protect the data exchanged between the point of sale device and the wireless router 110. For example, the wireless non-point of sale device 135 and wireless router 110 may utilize Wi-Fi Protected Access (WPA) encryption to encrypt the data. A WPA passphrase will have been created by the secure host 180 and provided to the merchant to enter into the wireless point of sale device 125 at the time of configuration.
Data from the External Network Over the Point of Sale LAN
In another aspect of the invention, the data control system allows point of sale devices on the local area network to receive data from the external network if received from the external network via a secure connection, but prevents point of sale devices from receiving data from the external network if not received via a secure connection. The secure connection is, for example, a virtual private network connection. The data control system may allow the data to be sent to the point of sale device only if it is associated with a communication session initiated by the point of sale device. The data control system may also allow the data to be sent to the point of sale device only if it is received from an authorized source on the external network.
FIG. 8 is a flow diagram illustrating the “External Network for POS LAN” process performed by the data control system for data from the external network that is destined for a point of sale device on the system LAN. The point of sale device may be a wireless point of sale device 125 on the wireless point of sale LAN 120 or a wired point of sale device 145 on the wired point of sale LAN 140. In step 810, the data control system determines whether the data is received from the external network 160 via a secure connection. The secure connection is, for example, a virtual private network (VPN) connection established by an OpenVPN software program on the wireless router 110 as described above with reference to FIG. 5. If in step 810 it is determined that the data is received from the external network 160 other than via the VPN connection, the wireless router 110 blocks the data from being sent to the point of sale device in step 820.
If the data is received from the external network 160 via the VPN connection, then the data control system determines in step 830 whether the data is associated with a data communication session that was initiated by the point of sale device for which the data is now destined. If the data communication was not initiated by the point of sale device, the data control system blocks the data from being sent to the point of sale device in step 820.
If the data communication was initiated by the point of sale device, then the data control system determines in step 840 whether the data from the external network 160 is from an authorized source. For example, the wireless router 110 examines the data packet to determine whether the source internet protocol (IP) address contained therein corresponds to the IP address of the payment host 170 or secure host 180. If the data was not from an authorized source, the wireless router 110 blocks the data from being sent to the point of sale device in step 820.
In step 850, upon confirming that the data communication was initiated by the point of sale device for which the data is destined and received via a secure connection from an authorized source, the data control system allows the data from the external network 160 to be sent to the point of sale device. In a preferred embodiment, an intrusion detection system is employed to protect the wireless point of sale LAN 120 and wired point of sale LAN 140 from external attacks. For example, the wireless router 110 runs the “Snort” open source software program, provided by Sourcefire, Inc. In one embodiment, the intrusion detection system provides an alarm signal to the secure host 180 upon detecting data traffic indicative of a possible external attack based on predetermined criteria. The secure host 180 may then communicate with the wireless router 110 to take preventative or corrective action including, if necessary, shutting down some or all data traffic on the system LAN 100 until resolution or clearance from the secure host 180. Alternatively, the wireless router 110 may initiate its own preventative or corrective action.
Data from the External Network Over the Non-Point of Sale LAN
In another aspect of the invention, the data control system allows non-point of sale devices on the LAN to receive data from the external network when established conditions are met. The data control system may allow the data to be sent to the non-point of sale devices only, for example, when the data is associated with a communication session initiated by the non-point of sale device. The data control system may also allow the data to be sent to the non-point of sale device only if it is not received from a restricted source. The restricted source may be, for example, the secure host, the payment host, or any unidentified source. Additionally, the data control system may allow the data to be sent to the non-point of sale device only if the data has not been received via a secure connection reserved for point of sale devices. The secure connection is, for example, a virtual private network connection.
FIG. 9 is a flow diagram illustrating the “External Network for Non-POS LAN” process performed by the data control system for data from the external network that is destined for a non-point of sale device on the system LAN. The non-point of sale device may be a wireless non-point of sale device 135 on the wireless non-point of sale LAN 130 or a wired non-point of sale device 155 on the wired non-point of sale LAN 150.
In step 910, the data control system determines whether the data received from the external network 160 is from a restricted source that has been designated as a source that the non-point of sale devices are not allowed to receive data from. For example, the wireless router 110 examines the data packet to determine whether the source internet protocol (IP) address contained therein corresponds to the IP address of the payment host 170 or secure host 180. A restricted source could also include any unidentified sources or sources not previously designated as sources the non-point of sale devices are authorized to receive data from based on information maintained by the wireless router 110 and/or the secure host 180. A restricted source may also be any source from which data is received via the VPN connection. If the data is from a restricted source, the data control system blocks the data from being sent to the non-point of sale device in step 920.
If the data is not from a restricted source, the data control system determines in step 930 whether the data communication session was initiated by the non-point of sale device for which the data is now destined. If data communication was not initiated by the non-point of sale device, the wireless router 110 blocks the data from being sent to the non-point of sale device in step 920. In step 950, upon confirming that the data communication was initiated by the non-point of sale device for which the data is destined and not received from a restricted source, the wireless router 110 allows the data from the external network 160 to be sent to the point of sale device.
In a preferred embodiment, an intrusion detection system is employed to protect the wireless non-point of sale LAN 130 and wired non-point of sale LAN 150 from external attacks. For example, the wireless router 110 runs the “Snort” open source software program, provided by Sourcefire, Inc. In one embodiment, the intrusion detection system provides an alarm signal to the secure host 180 upon detecting data traffic indicative of a possible external attack based on predetermined criteria. The secure host 180 may then communicate with the wireless router 110 to take preventative or corrective action including, if necessary, shutting down some or all data traffic on the system LAN 100 until resolution or clearance from the secure host 180. Alternatively, the wireless router 110 may initiate its own preventative or corrective action.
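The external-network checks of FIG. 5, FIG. 7, FIG. 8 and FIG. 9 modelled as one stateful policy, so that the "session initiated by the device" tests of steps 830 and 930 consult sessions recorded by the outbound steps 540 and 730. This is an added illustration, not code from the patent: the addresses, MACs and the names `BoundaryPolicy`, `Flow` and `Decision` are constructed assumptions, and it uses the embodiment that blocks unlisted POS devices altogether.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed values: RFC 5737 documentation addresses, locally administered MAC.
PAYMENT_HOST = ip_address("203.0.113.70")   # stands in for payment host 170
SECURE_HOST = ip_address("203.0.113.80")    # stands in for secure host 180
PROTECTED = frozenset({PAYMENT_HOST, SECURE_HOST})
WHITE_LIST = frozenset({"02:00:00:00:01:25"})

Decision = namedtuple("Decision", "verdict step reason")
# A flow is named from the LAN side, so a reply matches the request that opened it.
Flow = namedtuple("Flow", "lan_ip lan_port remote_ip remote_port proto")


@dataclass
class BoundaryPolicy:
    white_list: frozenset = WHITE_LIST
    sessions: set = field(default_factory=set)   # {(Flow, via_vpn)}
    log: list = field(default_factory=list)      # step 715 records

    def egress(self, flow, src_mac, from_pos_lan):
        """FIG. 5 (POS source) and FIG. 7 (non-POS source)."""
        dst = ip_address(flow.remote_ip)
        if from_pos_lan:
            if src_mac.lower() not in self.white_list:
                # Embodiment that blocks unlisted devices altogether.
                return Decision("block", 520, "device not on white list")
            if dst not in PROTECTED:
                return Decision("block", 520, "destination not authorized")
            self.sessions.add((flow, True))
            return Decision("vpn", 540, "approved device, authorized host")
        if dst in PROTECTED:
            self.log.append({"mac": src_mac, "dst": flow.remote_ip})
            return Decision("block", 720, "restricted destination")
        self.sessions.add((flow, False))
        return Decision("direct", 730, "sent outside the VPN")

    def ingress(self, flow, via_vpn, to_pos_lan):
        """FIG. 8 (POS destination) and FIG. 9 (non-POS destination)."""
        src = ip_address(flow.remote_ip)
        if to_pos_lan:
            if not via_vpn:
                return Decision("block", 820, "not received via VPN")
            if (flow, True) not in self.sessions:
                return Decision("block", 820, "session not initiated by device")
            if src not in PROTECTED:
                return Decision("block", 820, "source not authorized")
            return Decision("allow", 850, "reply on device-initiated VPN session")
        if via_vpn or src in PROTECTED:
            return Decision("block", 920, "restricted source")
        if (flow, False) not in self.sessions:
            return Decision("block", 920, "session not initiated by device")
        return Decision("allow", 950, "reply on device-initiated session")


if __name__ == "__main__":
    # Constructed sample traffic.
    policy = BoundaryPolicy()
    pos = Flow("10.0.120.7", 40000, "203.0.113.70", 443, "tcp")
    print(policy.ingress(pos, via_vpn=True, to_pos_lan=True))   # unsolicited
    print(policy.egress(pos, "02:00:00:00:01:25", from_pos_lan=True))
    print(policy.ingress(pos, via_vpn=True, to_pos_lan=True))   # now a reply
```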
White List Management
FIG. 10 is a flow diagram illustrating the process of managing the white list of approved POS devices. As discussed above, the wireless router 110 utilizes the white list to determine which devices are allowed to access authorized destinations on the external network 160. The process shown in FIG. 10 is performed by the secure host 180 at an initial configuration of the system LAN 100 and at any later time as necessary to modify the definition of approved point of sale devices, such as when adding new devices to the system LAN 100 at a later time.
In step 1010, the secure host 180 determines whether a device has been identified as an authorized point of sale device. Such a device may be identified by a human operator or by an automated process which determines the device to be a legitimate point of sale device dedicated to processing point of sale transactions. Approval of the device may also require authentication and/or corroboration with information identifying the device in possession of the merchant.
If the secure host 180 determines in step 1010 that the device is an approved point of sale device, it adds a device identifier such as a media access control (MAC) address of the device to a white list in step 1020. If the secure host 180 determines in step 1030 that more devices remain to be considered, the secure host 180 repeats the above steps until all point of sale devices have been considered. Thereafter, the secure host 180 sends the white list to the wireless router 110 in step 1040.
The invention has been described above with reference to one or more illustrative embodiments. Based on this description, further modifications and improvements may occur to those skilled in the art. The claims are intended to cover all such modifications and changes as fall within the scope and spirit of the invention.

Claims (21)

The invention claimed is:
1. A method, performed by a data control system, for securing data on a local area network in communication with an external network, the local area network having one or more point of sale devices and one or more non-point of sale devices, the method comprising the steps of:
(a) determining the data is from the external network;
(b) determining whether the data received from the external network is destined for a non-point of sale device; and
(c) allowing the data to be sent if it is destined for a non-point of sale device.
2. The method of claim 1 wherein step (a) further comprises determining whether the data is received via a secure connection reserved for point of sale devices, and wherein step (c) comprises allowing the data to be sent to the non-point of sale device only if it is not received via the secure connection.
3. The method of claim 2 wherein the secure connection is a virtual private network connection.
4. The method of claim 1 wherein step (c) comprises allowing the data to be sent to the non-point of sale device if the data is associated with a communication session initiated by the non-point of sale device and preventing the data from being sent to the non-point of sale device if the data is not associated with a communication session initiated by the non-point of sale device.
5. The method of claim 1 wherein step (c) comprises allowing the data to be sent to the non-point of sale device if the data is not from a restricted source and preventing the data from being sent to the non-point of sale device if the data is from the restricted source.
6. The method of claim 5 wherein the restricted source is a secure host on the external network.
7. The method of claim 5 wherein the restricted source is a payment host on the external network.
8. The method of claim 5 wherein the restricted source is an unidentified source on the external network.
9. The method of claim 5 wherein step (c) comprises allowing the data to be sent to the non-point of sale device if the data is associated with a communication session initiated by the non-point of sale device and preventing the data from being sent to the non-point of sale device if the data is not associated with a communication session initiated by the non-point of sale device.
10. The method of claim 1 wherein the data control system comprises a router.
11. A data control system for securing data on a local area network in communication with an external network, the local area network having one or more point of sale devices and one or more non-point of sale devices, the data control system comprising:
means for determining the data is from the external network;
means for determining whether the data received from the external network is destined for a non-point of sale device; and
means for allowing the data to be sent if it is destined for a non-point of sale device.
12. The method of claim 11 wherein the means for determining the data is from the external network further comprises means for determining whether the data is received via a secure connection reserved for point of sale devices, and wherein the means for allowing the data to be sent comprises means for allowing the data to be sent to the non-point of sale device only if it is not received via the secure connection.
13. The data control system of claim 12 wherein the secure connection is a virtual private network connection.
14. The data control system of claim 11 wherein the means for allowing the data to be sent comprises means for allowing the data to be sent to the non-point of sale device if the data is associated with a communication session initiated by the non-point of sale device and means for preventing the data from being sent to the non-point of sale device if the data is not associated with a communication session initiated by the non-point of sale device.
15. The data control system of claim 11 wherein the means for allowing the data to be sent comprises means for allowing the data to be sent to the non-point of sale device if the data is not from a restricted source and means for preventing the data from being sent to the non-point of sale device if the data is from the restricted source.
16. The data control system of claim 15 wherein the restricted source is a secure host on the external network.
17. The data control system of claim 15 wherein the restricted source is a payment host on the external network.
18. The data control system of claim 15 wherein the restricted source is an unidentified source on the external network.
19. The data control system of claim 14 wherein the means for allowing the data to be sent comprises means for allowing the data to be sent to the non-point of sale device if the data is associated with a communication session initiated by the non-point of sale device and means for preventing the data from being sent to the non-point of sale device if the data is not associated with a communication session initiated by the non-point of sale device.
20. The data control system of claim 11 wherein the data control system comprises a router.
21. The data control system of claim 11 wherein the data control system comprises a router in communication with a secure host.
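The inbound checks recited in claims 2, 4 and 5 to 7 can be read as one ordered decision on a router. The following Python sketch is an added illustration, not code from the patent or from Apriva; the class and field names, the session-table layout, the order of the checks and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    via_pos_vpn: bool = False  # arrived on the secure connection reserved for POS devices


@dataclass
class DataControl:
    """Hypothetical data control system (router) applying the claimed inbound checks."""
    lan: str                   # LAN prefix
    pos_devices: set           # LAN addresses of point of sale devices
    restricted_sources: list   # prefixes of payment or secure hosts
    sessions: set = field(default_factory=set)

    def _on_lan(self, addr):
        return ip_address(addr) in ip_network(self.lan)

    def _restricted(self, addr):
        return any(ip_address(addr) in ip_network(n) for n in self.restricted_sources)

    def outbound(self, pkt):
        """Record a session opened by a non-POS LAN device towards the external network."""
        if (self._on_lan(pkt.src) and pkt.src not in self.pos_devices
                and not self._on_lan(pkt.dst)):
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        """Return (allowed, reason) for data arriving from the external network."""
        if self._on_lan(pkt.src) or not self._on_lan(pkt.dst):
            return False, "not external-to-LAN traffic"
        if pkt.dst in self.pos_devices:
            return False, "destination is a POS device (outside these claims)"
        if pkt.via_pos_vpn:                       # claim 2
            return False, "arrived on POS-reserved secure connection"
        if self._restricted(pkt.src):             # claims 5 to 7
            return False, "restricted source"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.sessions:  # claim 4
            return False, "no session initiated by the non-POS device"
        return True, "reply to session initiated by the non-POS device"


def demo():
    """Run constructed traffic through the policy and return the verdicts."""
    dc = DataControl(lan="192.168.10.0/24",
                     pos_devices={"192.168.10.20"},
                     restricted_sources=["203.0.113.10/32"])  # constructed payment host
    pc, web, pay = "192.168.10.50", "198.51.100.7", "203.0.113.10"
    dc.outbound(Packet(pc, 50000, web, 443))      # office PC opens a web session
    dc.outbound(Packet(pc, 50002, pay, 443))      # PC also contacts the payment host
    return {
        "reply": dc.inbound(Packet(web, 443, pc, 50000)),
        "unsolicited": dc.inbound(Packet(web, 443, pc, 50001)),
        "payment_host": dc.inbound(Packet(pay, 443, pc, 50002)),
        "via_vpn": dc.inbound(Packet(web, 443, pc, 50000, via_pos_vpn=True)),
        "to_pos": dc.inbound(Packet(web, 443, "192.168.10.20", 50000)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} {verdict}")
```

The payment-host case shows the combination in claim 9: even with a session opened by the non-point of sale device, data from a restricted source is refused.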
US12/265,575 2008-11-05 2008-11-05 Method and system for securing data from an external network to a non point of sale device Active 2030-08-12 US8732813B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/265,575 US8732813B2 (en) 2008-11-05 2008-11-05 Method and system for securing data from an external network to a non point of sale device
PCT/US2009/063265 WO2010053983A2 (en) 2008-11-05 2009-11-04 Method and system for providing a point of sale network within a lan

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/265,575 US8732813B2 (en) 2008-11-05 2008-11-05 Method and system for securing data from an external network to a non point of sale device

Publications (2)

Publication Number Publication Date
US20100115602A1 US20100115602A1 (en) 2010-05-06
US8732813B2 true US8732813B2 (en) 2014-05-20

Family

ID=42133097

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/265,575 Active 2030-08-12 US8732813B2 (en) 2008-11-05 2008-11-05 Method and system for securing data from an external network to a non point of sale device

Country Status (1)

Country Link
US (1) US8732813B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10044710B2 (en) 2016-02-22 2018-08-07 Bpip Limited Liability Company Device and method for validating a user using an intelligent voice print

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10083467B2 (en) * 2009-11-06 2018-09-25 Walmart Apollo, Llc System and method for communicating information to a customer at a point-of-sale via a wireless link within a retail store
CA2802071C (en) 2010-06-11 2018-08-28 Cardinal Commerce Corporation Method and system for secure order management system data encryption, decryption, and segmentation

Citations (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040059634A1 (en) 2002-09-24 2004-03-25 Tami Michael A. Computerized system for a retail environment
US20040128196A1 (en) 2002-09-19 2004-07-01 Masatsugu Shibuno One-to-one business support system and program for implementing the function of the system
US20040198220A1 (en) 2002-08-02 2004-10-07 Robert Whelan Managed roaming for WLANS
KR20040110866A (en) 2003-06-20 2004-12-31 (주)이노크래프트 Credit Card Payment System using VPN
JP2005020567A (en) 2003-06-27 2005-01-20 Nec Infrontia Corp Online settlement method, online settlement system, dial-up router, and terminal
US20050143166A1 (en) 2003-10-17 2005-06-30 Walker Jay S. Systems and methods for determining a level of reward
US20050254652A1 (en) 2002-07-16 2005-11-17 Haim Engler Automated network security system and method
US6986061B1 (en) * 2000-11-20 2006-01-10 International Business Machines Corporation Integrated system for network layer security and fine-grained identity-based access control
US20060261159A1 (en) * 2005-05-23 2006-11-23 Fred Redick Devices and methods for monitoring transaction data from point-of-sale devices
US20060271486A1 (en) 2005-05-12 2006-11-30 Damian Cross Digital publication system and apparatus
US7209733B2 (en) 2000-10-06 2007-04-24 Pay X Pda, Llc Credit manager method and system
US20070150732A1 (en) 2005-12-28 2007-06-28 Fujitsu Limited Wireless network control device and wireless network control system
US20070265935A1 (en) 2006-05-02 2007-11-15 Nextep Systems, Inc. Computer-based ordering system
US20080016556A1 (en) 2006-04-29 2008-01-17 Alcatel Lucent Method of providing a guest terminal with emergency access to a wlan
US20080046366A1 (en) 2006-06-29 2008-02-21 Vincent Bemmel Method and system for providing biometric authentication at a point-of-sale via a mobile device
US20080120610A1 (en) 2006-11-20 2008-05-22 Canon Kabushiki Kaisha Information processing apparatus, control method for the apparatus, and information processing system
US20080183589A1 (en) * 2007-01-30 2008-07-31 Phil Dixon Aggregation of validated transactions for settlement
US20080208758A1 (en) 2008-03-03 2008-08-28 Spiker Norman S Method and apparatus for secure transactions
US20080238610A1 (en) 2006-09-29 2008-10-02 Einar Rosenberg Apparatus and method using near field communications
US7451926B2 (en) * 2006-11-03 2008-11-18 Microsoft Corporation Securing payment data
US20090047959A1 (en) 2007-05-11 2009-02-19 Toshiba Research America, Inc. Data type encoding for media independent handover
US7587196B2 (en) * 2001-03-29 2009-09-08 Telefonaktiebolaget Lm Ericsson (Publ) Wireless point of sale transaction
US20090228364A1 (en) 2003-08-22 2009-09-10 Economy Theodore F Intelligent transaction router and process for handling multi-product point of sale transactions
US20090307141A1 (en) 2008-06-06 2009-12-10 Telefonaktiebolaget Lm Ericsson (Publ) Secure Card Services
US7707255B2 (en) * 2003-07-01 2010-04-27 Microsoft Corporation Automatic grouping of electronic mail
US20100281249A1 (en) 2009-05-03 2010-11-04 Kabushiki Kaisha Toshiba Media independent handover protocol security
US7908487B2 (en) * 2006-05-10 2011-03-15 Ndchealth Corporation Systems and methods for public-key encryption for transmission of medical information
US7953971B2 (en) * 2005-10-27 2011-05-31 Research In Motion Limited Synchronizing certificates between a device and server
US7966263B2 (en) 2006-05-04 2011-06-21 First Data Corporation Wireless phone RF presentation instrument with sensor control
US8005459B2 (en) * 2005-12-16 2011-08-23 Research In Motion Limited System and method of authenticating login credentials in a wireless communication system

Patent Citations (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7209733B2 (en) 2000-10-06 2007-04-24 Pay X Pda, Llc Credit manager method and system
US6986061B1 (en) * 2000-11-20 2006-01-10 International Business Machines Corporation Integrated system for network layer security and fine-grained identity-based access control
US7587196B2 (en) * 2001-03-29 2009-09-08 Telefonaktiebolaget Lm Ericsson (Publ) Wireless point of sale transaction
US20050254652A1 (en) 2002-07-16 2005-11-17 Haim Engler Automated network security system and method
US20040198220A1 (en) 2002-08-02 2004-10-07 Robert Whelan Managed roaming for WLANS
US20040128196A1 (en) 2002-09-19 2004-07-01 Masatsugu Shibuno One-to-one business support system and program for implementing the function of the system
US20040059634A1 (en) 2002-09-24 2004-03-25 Tami Michael A. Computerized system for a retail environment
KR20040110866A (en) 2003-06-20 2004-12-31 (주)이노크래프트 Credit Card Payment System using VPN
JP2005020567A (en) 2003-06-27 2005-01-20 Nec Infrontia Corp Online settlement method, online settlement system, dial-up router, and terminal
US7707255B2 (en) * 2003-07-01 2010-04-27 Microsoft Corporation Automatic grouping of electronic mail
US20090228364A1 (en) 2003-08-22 2009-09-10 Economy Theodore F Intelligent transaction router and process for handling multi-product point of sale transactions
US20050143166A1 (en) 2003-10-17 2005-06-30 Walker Jay S. Systems and methods for determining a level of reward
US20060271486A1 (en) 2005-05-12 2006-11-30 Damian Cross Digital publication system and apparatus
US20060261159A1 (en) * 2005-05-23 2006-11-23 Fred Redick Devices and methods for monitoring transaction data from point-of-sale devices
US7953971B2 (en) * 2005-10-27 2011-05-31 Research In Motion Limited Synchronizing certificates between a device and server
US8005459B2 (en) * 2005-12-16 2011-08-23 Research In Motion Limited System and method of authenticating login credentials in a wireless communication system
US20070150732A1 (en) 2005-12-28 2007-06-28 Fujitsu Limited Wireless network control device and wireless network control system
US20080016556A1 (en) 2006-04-29 2008-01-17 Alcatel Lucent Method of providing a guest terminal with emergency access to a wlan
US20070265935A1 (en) 2006-05-02 2007-11-15 Nextep Systems, Inc. Computer-based ordering system
US7966263B2 (en) 2006-05-04 2011-06-21 First Data Corporation Wireless phone RF presentation instrument with sensor control
US7908487B2 (en) * 2006-05-10 2011-03-15 Ndchealth Corporation Systems and methods for public-key encryption for transmission of medical information
US20080046366A1 (en) 2006-06-29 2008-02-21 Vincent Bemmel Method and system for providing biometric authentication at a point-of-sale via a mobile device
US7512567B2 (en) 2006-06-29 2009-03-31 Yt Acquisition Corporation Method and system for providing biometric authentication at a point-of-sale via a mobile device
US20080238610A1 (en) 2006-09-29 2008-10-02 Einar Rosenberg Apparatus and method using near field communications
US7451926B2 (en) * 2006-11-03 2008-11-18 Microsoft Corporation Securing payment data
US20080120610A1 (en) 2006-11-20 2008-05-22 Canon Kabushiki Kaisha Information processing apparatus, control method for the apparatus, and information processing system
US20080183589A1 (en) * 2007-01-30 2008-07-31 Phil Dixon Aggregation of validated transactions for settlement
US20090047959A1 (en) 2007-05-11 2009-02-19 Toshiba Research America, Inc. Data type encoding for media independent handover
US20080208758A1 (en) 2008-03-03 2008-08-28 Spiker Norman S Method and apparatus for secure transactions
US20090307141A1 (en) 2008-06-06 2009-12-10 Telefonaktiebolaget Lm Ericsson (Publ) Secure Card Services
US20100281249A1 (en) 2009-05-03 2010-11-04 Kabushiki Kaisha Toshiba Media independent handover protocol security

Non-Patent Citations (16)

* Cited by examiner, † Cited by third party
Title
Final Office Action dated Dec. 27, 2013 in U.S. Appl. No. 12/265,568.
Office Action dated Dec. 27, 2013 in U.S. Appl. No. 12/265,446.
PCT International Search Report and Written Opinion dated Jun. 17, 2010 for International Application No. PCT/US2009/063265, 11 pages.
PCT; International Preliminary Report on Patentability dated May 10, 2011 in Application No. PCT/US2009/063265.
USPTO; Final Office Action dated Apr. 5, 2011 in U.S. Appl. No. 12/265,446.
USPTO; Final Office Action dated Jul. 1, 2013 in U.S. Appl. No. 12/265,534.
USPTO; Final Office Action dated Nov. 3, 2011 in U.S. Appl. No. 12/265,483.
USPTO; Final Office Action dated Nov. 9, 2011 in U.S. Appl. No. 12/265,508.
USPTO; Final Office Action dated Oct. 5, 2012 in U.S. Appl. No. 12/265,550.
USPTO; Office Action dated Apr. 29, 2013 in U.S. Appl. No. 12/265,568.
USPTO; Office Action dated Mar. 1, 2011 in U.S. Appl. No. 12/265,508.
USPTO; Office Action dated Mar. 23, 2011 in U.S. Appl. No. 12/265,534.
USPTO; Office Action dated Mar. 24, 2011 in U.S. Appl. No. 12/265,483.
USPTO; Office Action dated Oct. 21, 2011 in U.S. Appl. No. 12/265,550.
USPTO; Office Action dated Sep. 27, 2010 in U.S. Appl. No. 12/265,446.
USPTO; Office Action dated Sep. 28, 2011 in U.S. Appl. No. 12/265,568.

Also Published As

Publication number Publication date
US20100115602A1 (en) 2010-05-06

Similar Documents

Publication Publication Date Title
US20140298027A1 (en) Integrated contactless mpos implementation
US8571995B2 (en) Purchase transaction system with encrypted payment card data
CA2736582C (en) Authorization of server operations
US11748791B2 (en) Method and system for secure order management system data encryption, decryption, and segmentation
US9686251B2 (en) Devices and techniques for controlling disclosure of sensitive information
WO2008144555A1 (en) Secure payment card transactions
US20070299781A1 (en) System and apparatus for credit data transmission
CN102104589A (en) Private network series
US10460117B2 (en) System and method for removing internet attack surface from internet connected devices
US20030101339A1 (en) Method and system for transmitting sensitive information over a network
US20100115624A1 (en) Method and system for securing data from a point of sale device over a lan
US8966610B2 (en) Method and system for securing data from a non-point of sale device over an external network
CN101668013A (en) Network connection technology and system thereof
US20080005039A1 (en) Decryption of Personal Identification Number & Forwarding Method and Apparatus
WO2012104186A1 (en) A payment transaction method and corresponding applications
US8732813B2 (en) Method and system for securing data from an external network to a non point of sale device
JPH10105603A (en) Method and device for information communication
US20100114723A1 (en) Method and system for providing a point of sale network within a lan
US9185110B2 (en) Device and method for secure access to a remote server
US20100115600A1 (en) Method and system for securing data from an external network to a point of sale device
US20100115127A1 (en) Method and system for securing data from a non-point of sale device over a lan
US20100115599A1 (en) Method and system for securing data from a point of sale device over an external network
WO2008150801A1 (en) Secure payment transaction in multi-host environment
US20170185999A1 (en) Secure Payment System
WO2010053983A2 (en) Method and system for providing a point of sale network within a lan

Legal Events

Date Code Title Description
AS Assignment

Owner name: APPSWARE WIRELESS, LLC, ARIZONA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:COPPINGER, PAUL D.;REEL/FRAME:022329/0973

Effective date: 20090126

AS Assignment

Owner name: TRIREMES 24 LLC, MASSACHUSETTS

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

Owner name: SORRENTO INVESTMENT GROUP, LLC, PENNSYLVANIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

Owner name: EDWARD F STAINO TRUST, PENNSYLVANIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

Owner name: WARD, CHRISTOPHER, ARIZONA

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

Owner name: SYLVIA G. GORDON TRUST, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

Owner name: TATE, MARSHA, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:023538/0566

Effective date: 20091111

AS Assignment

Owner name: APRIVA, LLC, ARIZONA

Free format text: CHANGE OF NAME;ASSIGNOR:APPSWARE WIRELESS, LLC;REEL/FRAME:026001/0653

Effective date: 20100216

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: SECURITY AGREEMENT;ASSIGNORS:APRIVA ISS, LLC;APRIVA SYSTEMS, LLC;APRIVA, LLC;REEL/FRAME:029033/0039

Effective date: 20120920

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: SPINNAKER CAPITAL, LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:032939/0408

Effective date: 20140326

AS Assignment

Owner name: MINTON, TAMARA, TEXAS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: MINTON, RANDALL, TEXAS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: LAVIN, KEVIN, DISTRICT OF COLUMBIA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: EDWARD F. STAIANO TRUST, PENNSYLVANIA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: MINTON FAMILY TRUST, TEXAS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: SKYSAIL 7 LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: WARD, CHRIS, ARIZONA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

Owner name: TATE, MARSHA, ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033133/0933

Effective date: 20140604

AS Assignment

Owner name: SPINNAKER CAPITAL, LLC, MASSACHUSETTS

Free format text: RELEASE OF SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:033226/0344

Effective date: 20140326

AS Assignment

Owner name: WARD, D. CHRISTOPHER, ARIZONA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: LAVIN, KEVIN J., DISTRICT OF COLUMBIA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: SPINELLA, RINALDO, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: MINTON, REX, TEXAS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: SKYSAIL 9 LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: TATE, MARSHA, ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: EDWARD F. STAIANO TRUST, ARIZONA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: RIDDIFORD, DAVID, ARIZONA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

Owner name: SPINELLA, RICHARD, ARIZONA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035317/0111

Effective date: 20150316

AS Assignment

Owner name: APRIVA, LLC, ARIZONA

Free format text: RELEASE BY SECURED PARTY;ASSIGNORS:TRIREMES 24 LLC;SORRENTO INVESTMENT GROUP, LLC;EDWARD F. STAIANO TRUST;AND OTHERS;REEL/FRAME:035508/0317

Effective date: 20150427

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:035554/0844

Effective date: 20150429

AS Assignment

Owner name: SKYSAIL 18 LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:038064/0930

Effective date: 20160224

AS Assignment

Owner name: SKYSAIL 19, LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNORS:APRIVA, LLC;APRIVA ISS, LLC;APRIVA SYSTEMS, LLC;REEL/FRAME:039288/0946

Effective date: 20160628

AS Assignment

Owner name: SKYSAIL 18 LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:040552/0292

Effective date: 20161028

AS Assignment

Owner name: SKYSAIL 18 LLC, MASSACHUSETTS

Free format text: SECURITY INTEREST;ASSIGNOR:APRIVA, LLC;REEL/FRAME:041212/0406

Effective date: 20161227

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, SMALL ENTITY (ORIGINAL EVENT CODE: M2554)

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551)

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: 7.5 YR SURCHARGE - LATE PMT W/IN 6 MO, SMALL ENTITY (ORIGINAL EVENT CODE: M2555); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8